What’s lurking the digital shadows?

Organizations are often aware of their digital or internet footprint. That is, the footprint they leave behind online via their websites, social media accounts, external emails sent out, and more. It is very common for companies to employ a digital director to help manage all these new grounds and keep them in check. But how many companies aware that there is other information left behind on the internet outside of these normal channels? Information that cyber-criminals could leverage to start an attack on an organization.

There is more to a digital shadow than just a collection of social media interactions, and updated web pages. There are corporate email addresses, online domain registration information, information about company owned servers, what versions of operating systems are being run on those servers and much much more. While this information may seem boring to most people, this is exactly what cyber-criminals are looking for. This information could give the bad guys enough information to start an attack no matter what size your business is.

Cyber-criminals will map out all the public information they can gather about an organization to decide how they want to attack. Below is a screenshot of what one of these maps could look like.

This is just a small portion of the over overall graph that an attacker will use to locate a weak point in a company’s network and mount their attack. They will also search sites like Shodan.io that show web servers that are open to the internet and weak points for attack.

There are other things online that could also give cyber-criminals the heads up about a potential weakness in a company’s network, one of those things is meta-data that is left behind in online documents. A program called FOCA (fingerprinting organizations with collected archives) can scan the internet for any documents (such as PDFs and Word Docs) related to an organization and get the meta data out of it to collect information like, who created it, what is their email, what operating system created it, and more.

With all this information out there, how can any organization be sure they are safe? That is where 3KeyLogic can help, we are offering a free cyber-security consultation and can let you know what your digital shadow looks like and ways you can help ensure your organizations security going forward.